CISSP

Security and Risk Management

  • Understand, adhere to, and promote professional ethics
  • Understand and apply security concepts
  • Evaluate and apply security governance principles
  • Determine compliance and other requirements
  • Understand legal and regulatory issues that pertain to information security in a holistic context
  • Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
  • Develop, document, and implement security policy, standards, procedures, and guidelines
  • Identify, analyze, and prioritize Business Continuity (BC) requirements
  • Contribute to and enforce personnel security policies and procedures
  • Understand and apply risk management concepts
  • Understand and apply threat modeling concepts and methodologies
  • Apply Supply Chain Risk Management (SCRM) concepts
  • Establish and maintain a security awareness, education, and training program

Activity: National and Regional Examples

Asset Security

  • Identify and classify information and assets
  • Establish information and asset handling requirements
  • Provision resources securely
  • Manage data lifecycle
  • Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
  • Determine data security controls and compliance requirements

Discussion: Information Asset Inventory

Security Architecture and Engineering

  • Research, implement and manage engineering processes using secure design principles
  • Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
  • Select controls based upon systems security requirements
  • Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
  • Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
  • Select and determine cryptographic solutions
  • Understand methods of cryptanalytic attacks
  • Apply security principles to site and facility design
  • Design site and facility security controls

Discussion: Industrial Control Systems

Activity: Understanding the Workings of a Certificate

Activity: Management Checklist for Cryptographic Health and Readiness

Communication and Network Security

  • Assess and implement secure design principles in network architectures
  • Secure network components
  • Implement secure communication channels according to design

Activity: NAC Implementations

Discussion: Remote Access

Identity and Access Management (IAM)

  • Control physical and logical access to assets
  • Manage identification and authentication of people, devices, and services
  • Federated identity with a third-party service
  • Implement and manage authorization mechanisms
  • Manage the identity and access provisioning lifecycle
  • Implement authentication systems

Activity: Federated Identity Management

Discussion: OAuth vs. OpenID Connect

Security Assessment and Testing

  • Design and validate assessment, test, and audit strategies
  • Conduct security control testing
  • Collect security process data (e.g., technical and administrative)
  • Analyze test output and generate report
  • Conduct or facilitate security audits

Discussion: Ethical Penetration Testing

Security Operations

  • Understand and comply with investigations
  • Conduct logging and monitoring activities
  • Perform Configuration Management (CM) (e.g., provisioning, baselining, automation)
  • Apply foundational security operations concepts
  • Apply resource protection
  • Conduct incident management
  • Operate and maintain detective and preventative measures
  • Implement and support patch and vulnerability management
  • Understand and participate in change management processes
  • Implement recovery strategies
  • Implement Disaster Recovery (DR) processes
  • Test Disaster Recovery Plans (DRP)
  • Participate in Business Continuity (BC) planning and exercises
  • Implement and manage physical security
  • Address personnel safety and security concerns

Discussion: Crime Prevention through Environmental Design

Software Development Security

  • Understand and integrate security in the Software Development Life Cycle (SDLC)
  • Identify and apply security controls in software development ecosystems
  • Assess the effectiveness of software security
  • Assess security impact of acquired software
  • Define and apply secure code

Discussion: Comparing Risk to Business Needs

Activity: Threat Mapping: Applying the OWASP

Activity: Threat Mapping: Applying Taxonomies

CISSP Certification Overview

  • CISSP Experience Requirements
  • Practice Question Drill Review
  • What to do before the CISSP exam
  • What to do while taking the exam
  • Tips and tricks

Course Features

Attend our official (ISC)² CISSP certification training course and receive up to 50 hours of intensive live classroom instruction. Tuition covers the industry’s most robust list of features.

(ISC)² CISSP Exam Voucher and Retake Guarantee

(ISC)² Official CISSP CBK Student Kit

(ISC)² CISSP Official Practice Tests

Training Camp CISSP Exam Guide

(ISC)² Authorized CISSP Instructor

Training Camp Proprietary Practice Questions

Access to Live, Online Saturday Review Sessions

G.I. Bill® Eligible up to 100%